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Application Serial No. 10/801,406 
AMENDMENTS TO THE CLAIMS 

1. (Original) A method for . a first Web service provider to invoke a service hosted 
on a second . Web service provider on behalf of a principal in a computer environment, 
5 comprising the steps of: 

said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
with said principal and a discovery service descriptor associated with said discovery 
service for use by principal for future authentication; 

10 said principal authenticating using said identity assertion and using said 

discovery service descriptor at a Web sen/ice client, said Web service client linking to 
and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, said Web 
service client requesting a first service descriptor associated with said first Web service 
15; and a first service assertion associated with said first Web. service from said discovery 
service; 

in response to receiving said first service descriptor and said first service 
assertion, said Web service client invoking a desired service at said first Web service; 

upon said first Web service determining a need to invoke a second desired 
20 . service at a second Web service, said first Web service requesting frorin said discovery 
service a second service descriptor associated with said second Web service and a 
second service assertion associated with said second Web sen/ice; and 

in responsie to receiving said request for said second service descriptor and said 
second service assertion, said discovery service adding said second service assertion 
25 to said first sen/ice assertion and subsequently passing said first service assertion and 
said second service descriptor to said first Web service; . 
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in response to • receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said second 
Web service. 

5 2. (Original) The method of Claim 1 , wherein said first Web service invokes one or 
more-services hosted on one or more Web servers. 

3. (Original) The method of Claim 1, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 

io federation relationship in which each member trusts said discovery service. 

4. (Original) The method of Claim 1, wherein said service assertion is any of, but 
not limited to: 

a ticket; 

15 a token; 

\ . is notarized by said discovery service; and 

is certified by said discovery service. 

5. (Currently Amended) The method of Claim 4, wherein said service assertion is 
20 . implemented using any of, but riot limited to: 

a string; 

a certificate; 

a public key; and 

discovery keys wherein the discovery service has copies of the keys^-aod ; 
■ 25 . any othor form of cryptography . 
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6. . (Original) The method of Claim 1 , wherein said service descriptor comprises any 
of, but not limited to: 

a URL; 

a String; and 

5 a Simple Object Access Protocol (SOAP) address for Web services. 

7. (Original) An apparatus for a first Web service provider to invoke a service 
hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising: 

10 means for said principal logging in with a discovery service; 

means for said discovery service passing to said principal an identity assertion 
associated with said principal and a discovery service descriptor associated with said 
: discovery service for use by principal for future authentication; 

means for said principal authenticating using said identity assertion and using 
15 said discovery service descriptor at a Web service client, said Web service client linking 
to and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial .site, means for said 
Web service client requesting a first service descriptor associated with said first Web 
service and a first service assertion . associated with said first Web service from said 
20 discovery service; 

in response to receiving said first service descriptor and said first service 
. assertion, means for said Web service client invoking a desired service at said first Web 
service; 

upon said first Web service determining a need to invoke a second desired 
25 service at a second Web service, means for said first Web service requesting from said 
discovery service a second service descriptor associated with said second Web service 
and a second service assertion associated with said second Web service; and 
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in response to receiving said request for said second service descriptor and said 
second service assertion, means for said discovery service adding said second service 
assertion to said first service assertion and subsequently passing said first service 
assertion and said second service descriptor to said first Web service; 

5 in response to receiving said first service assertion and second service 

descriptor, means for said first Web service invoking said desired second service at said 
second Web service. 

8. (Original) The apparatus of Claim 7, wherein said first Web service invokes one 
10 or more services hosted on one or more Web servers. 

9. (Original) The apparatus of Claim 7, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

10. (Original) The apparatus of Claim 7 f wherein said service assertion is any of, but 
not limited to: 

a ticket; 

a token; 

. is notarized by said discovery service; and 
.. is certified by said discovery service. 

11. (Currently Amended) The apparatus of Claim 10, wherein said service assertion 
is implemented using any of, but not limited to: 

.25 a string; 

a certificate; 

a public key: and 

• • ' • 5 .. .. .' 7 • 
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discovery keys wherein the discovery service has copies of the keys ; and 
any other form of cryptography . 

12. (Original) The apparatus of Claim 7, wherein said service descriptor comprises 
5 any of, but not limited to: 

a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

10 13. (Original) A program storage medium readable by a computer, tangibly 
embodying a program of instructions executable by the computer to perform a method 
for updating address information in a computer environment, the method comprising the 
.steps of: 

said principal logging in with a discovery service; 

is said discovery service passing to said principal an identity assertion associated 

with said principal and a discovery service descriptor associated with said discovery 
service for use by principal for future authentication; 

said principal authenticating using said identity assertion and using said 
discovery service descriptor at a Web service cljent, said Web service client linking to 
20 and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, said Web 
. service client requesting a first sen/ice descriptor associated with said first Web service 
and a . first service assertion associated with said first Web service from said discovery 
service; 

25 in response to receiving said first service descriptor and said first service 

. -assertion, said Web service client invoking a desired service at said first Web service; 
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upon said first Web service determining a need to invoke a second desired 
. service at a second Web service, said first Web service requesting from said discovery 
service a second service descriptor associated with, said second Web service and a 
second service assertion associated with said second Web service; and 

5 in response to receiving said request for said second service descriptor and said 

second service assertion, said discovery service adding said second "service assertion 
to said first service assertion and subsequently passing said first service assertion and 
said second service descriptor to said first Web service; 

in response to receiving said first service assertion and second service 
10 descriptor, said first Web service invoking said desired second service at said second > 
Web service. 

14. (Original) The medium of Claim 13, wherein said first Web service invokes one 
or more services hosted on one or more Web servers. 

. . 15. (Original) The medium of Claim 13 p wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

20 16. (Original) The medium of Clajm 13, wherein said service assertion is any of, but 
not limited to: 

a ticket; 

a.token; 

is notarized by said discovery service; and 
25 is certified by said discovery service. 
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17. (Currently Amended) The medium of Claim 16, wherein said service assertion is 
implemented using any of, but not limited to: 

a string; 

;a certificate; 

5 a public key; 

discovery keys wherein the discovery service has copies of the keys; and 

,a_af*y-eteef form of cryptography. 

18. (Original) The medium of Claim 13, wherein said service descriptor comprises 
10 any of, but not limited to:. 

a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

15 19. (Original) A process for a first Web service provider to invoke a service hosted 
on a second Web service provider on behalf of a principal in a computer environment,, 
comprising the steps of: 

said principal logs in with a discovery service for subsequent authentication; 

in response to said log in, said discovery service passing an identity assertion 
.20 and a discovery service descriptor to said principal; 1 

said principal uses said identity assertion and said discovery service descriptor to 
access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
. descriptor and a first service assertion for a first desired service at a first Web server 
25 from said discovery service; 
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in response to receiving said first service descriptor and said first service 
assertion from said discovery service, said Web sen/ice client software interface' 
application invoking said first desired service at said first Web server; 

said first Web server requesting a second service descriptor and a second 
5 service assertion for a second desired service at a second Web server from said 
discovery service; and 

in response to receiving said second service descriptor and said second service 
assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal. 

10 ' 

20. (Currently Amended) An apparatus for a first Web service provider to invoke a 
. service hosted on a second Web service provider on behalf of a principal in a computer 
. environment, comprising: « 

means for said principal logs in with a discovery service for subsequent 
15 authentication; * 

in response to said log in, means for said discovery service passing an identity 
assertion and a discovery service descriptor to said principal; 

means for said principal using said identity assertion and said discovery service 
descriptor to access a Web commerce site with a Web service client software interface 
.20 application; 

means for said Web service client software interface application requesting a first 
service descriptor and a first service assertion for a first desired service at a first Web 
server from said discovery service; 

in response to receiving said first service descriptor and said first service 
25 assertion from sajd discovery service, means for said Web service client software . 
. interface application invoking said first desired service at said first Web server; 
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means for said first Web server requesting a second service descriptor and a 
second service assertion for a second desired service at a second Web server from 
said discovery service; an4 

in response to receiving said second service descriptor and said second service 
5 assertion from said discovery service, means for said first Web server invoking said 
second desired service at said second Web server on behalf of said principal ; and 

means for retaining a footprint of requested services, wherein said footprint 
contains both said first service assertion and said second service assertion . 

10 21, (Currently Amended) A program storage medium readable by a computer, ; 
tangibly embodying a program of instructions executable by the computer to perform a 
method for updating address information in a computer environment, the method 
comprising the steps of: 

said principal logs in with a discovery service for subsequent authentication; 

; 15 in response to said log in, said discovery service passing an identity assertion 

. and a discovery service descriptor to said principal; 

said principal uses said identity assertion and said discovery service descriptor to 
access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
20 descriptor and a first service assertion for a first desired service at a first Web server 
from said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion from said discovery service, said Web service client software interface 
application invoking said first desired service at said first Web server; 

25 said first Web server requesting a second service descriptor and a second 

service assertion for a second desired service at a second Web server from said 
discovery service; and 
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in response to receiving said second service descriptor and said second service 
assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal,. 

wherein said second Web server indirectly communicates with said discovery 
5 service through said first Web server . ' 
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